Abstract
As a value-added service to deliver important data over the Internet with guaranteed receipt for each successful delivery, certified email has been discussed for years and a number of research papers appeared in the literature. But most of them deal with the two-party scenarios, i.e., there are only one sender and one recipient. In some applications, however, the same certified message may need to be sent to a set of recipients. In ISC’02, Ferrer-Gomila et. al presented a multi-party certified email protocol [5]. It has two major features. A sender could notify multiple recipients of the same information while only those recipients who acknowledged are able to get the information. In addition, its exchange protocol is optimized, which has only three steps. In this paper, we demonstrate some flaws and weaknesses in that protocol, and propose an improved version which is robust against the identified attacks while preserving the features of the original protocol.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Abadi, M., Glew, N., Horne, B., Pinkas, B.: Certified email with a light on-line trusted third party: Design and implementation. In: Proceedings of 2002 International World Wide Web Conference, Honolulu, Hawaii, May 2002, pp. 387–395 (2002)
Ateniese, G., Medeiros, B., Goodrich, M.: TRICERT: Distributed certified email schemes. In: Proceedings of 2001 Network and Distributed System Security Symposium, San Diego, California (February 2001)
Deng, R., Gong, L., Lazar, A., Wang, W.: Practical protocols for certified electronic mail. Journal of Network and Systems Management 4(3), 279–297 (1996)
ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31(4), 469–472 (1985)
Ferrer-Gomila, J., Payeras-Capella, M., Huguet-Rotger, L.: A realistic protocol for multi-party certified electronic mail. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 210–219. Springer, Heidelberg (2002)
Kremer, S., Markowitch, O.: A multi-party non-repudiation protocol. In: Proceedings of 15th IFIP International Information Security Conference, Beijing, China, August 2000, pp. 271–280 (2000)
Markowitch, O., Kremer, S.: A multi-party optimistic non-repudiation protocol. In: Won, D. (ed.) ICISC 2000. LNCS, vol. 2015, pp. 109–122. Springer, Heidelberg (2001)
Mut-Puigserver, M., Ferrer-Gomila, J., Huguet-Rotger, L.: Certified electronic mail protocol resistant to a minority of malicious third parties. In: Proceedings IEEE INFOCOM 2000, Tel Aviv, Israel, March 2000, vol. 3, pp. 1401–1405 (2000)
Wang, G., Bao, F., Zhou, J.: Security analysis of a certified email scheme. manuscript, Institute for Infocomm Research, Singapore (2004)
Zhou, J., Gollmann, D.: A fair non-repudiation protocol. In: Proceedings of 1996 IEEE Symposium on Security and Privacy, Oakland, California, May 1996, pp. 55–61 (1996)
Zhou, J., Gollmann, D.: Certified electronic mail. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 160–171. Springer, Heidelberg (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhou, J. (2004). On the Security of a Multi-party Certified Email Protocol. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_4
Download citation
DOI: https://doi.org/10.1007/978-3-540-30191-2_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive